Lead Application Security Engineer at Policygenius
Lead AppSec Security Engineer
About The Role...
Policygenius continues to disrupt the insurance industry by delivering innovative technology-driven experiences. Our talented yet humble team is dogma-free and data driven. We are relentless in our mission to reliably deliver outstanding and secure products and services at scale. We are growing fast, but we can go further faster with experienced, collaborative, challenge-seeking people like yourself.
As the Lead Application Security Engineer, you’d be joining the growing InfoSec team and helping to build a robust security culture for our Engineering team. You will work very closely with our Site Reliability and Application Engineers to ensure Policygenius is doing all we can to protect the company’s and our customers’ data.
You will have the mindset of a technology partner and enabler who is seen as a trusted adviser and partner. You will be able to educate, provide guidance, and help drive an appreciation for application security. Like to find the security holes in things? This role’s for you.
In this role, you will…
- Define processes to develop a robust and efficient program providing engineers the knowledge and tools to code securely
- Integrate Static and Dynamic Code Analysis tools into our CI/CD pipeline
- Provide guidance on secure software development at all stages of the SDLC, including architecture and design reviews
- Formalize and manage a bug bounty intake and remediation process
- Lead the remediation of findings from application vulnerability scanning and penetration testing
- Identify security exposures and develop mitigation plans
- Collaborate with cross-functional teams (Engineering, DevOps, Product) while carrying out day-to-day tasks
- Assist the other members of the security team during testing and purple team exercises
- Perform red team exercises utilizing automated and manual techniques
We'd love to hear from you if you…
- Have 5+ years of appsec experience (and 7+ years in security): building appsec programs, pen testing web applications, utilizing instrumentation, fuzzing, and other exploitation techniques
- Have strong communication skills and the ability to comfortably and effectively articulate security and risk-related concepts to technical and non-technical audiences
- Know the OWASP top 10 inside and out
- Understand the concept of least privilege and the confidentiality, integrity, and availability triad and will work to enforce those concepts in our environment
- Have experience with languages such as Ruby, Go, or Python (a bonus)
- Have an understanding of application security in the context of a secure SDLC and CI/CD
You can expect...
- Company-paid health, dental, vision, life & disability insurance
- 401(k) plan, FSA & commuter benefits
- Generous PTO
- Training, mentorship and coaching from leadership
- The opportunity to grow alongside a company shaking up a big, old-fashioned industry
- Fun, diverse, open-minded coworkers
- Dog companionship!!!
Policygenius is America's leading online insurance marketplace. Since 2014, our mission has been to help people get the financial protection they need (and feel good about it). We make it easy for our customers to understand their options, compare quotes, and buy insurance, all in one place. Our CEO and co-founder, Jennifer Fitzgerald, is one of only four women in the US fintech space to raise over $50 million in venture capital funding, and we've helped more than 30 million people shop for all types of insurance, placing over $35 billion in coverage to date.
At Policygenius, we're proud of building an environment that encourages our teammates to bring their authentic selves to work. Despite rapid growth (we've doubled in size year over year!), we've continuously maintained our inclusive culture through humility, hard work, and humor, and we're looking for more people with grit, collaborative attitudes, and creative problem-solving skills to join our team. Come see why we've been voted one of Inc. Magazine's "Best Workplaces" two years in a row!
Diversity at Policygenius
Policygenius believes differences should be celebrated and is committed to building a team as diverse as the customers we serve. We welcome different perspectives and opinions to foster innovation, authenticity, and excellence across all parts of our company, and are committed to providing employees with a work environment free of discrimination and harassment.
As an Equal Opportunity Employer, Policygenius highly encourages applicants from all walks of life. All employment decisions at Policygenius are based on business needs, job requirements and individual qualifications without regard to actual or perceived race, color, sex, pregnancy, sexual orientation, gender identity or expression, age, national origin, political affiliation or belief, religion, disability, uniformed service, marital status or any other status protected by law.